STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017: STIGQter: STIG Summary: CA API Gateway ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Apr 2017:SV-85985r1_rule
V-71361
SRG-NET-000169-ALG-000102
CAGW-GW-000360
CAT II
10
Open the CA API GW - Policy manager and click the "Identity Providers" tab. Right-click "Identity Providers" and create the provider/s utilized for non-organizational users in accordance with organizational requirements. Add non-organizational users to the provider as necessary.
Open the CA API GW - Policy Manager and double-click the Registered Services requiring Certificate mapping to User Accounts. Update the policy with the "Require SSL/TLS with Client Certificate Authentication", the "Extract Attributes from Certificate", and one of the "Authenticate Against..." Assertions.
In addition, create the Policy Logic necessary to provide access to the Registered Service's resources after extracting the proper attributes from the certificate using the "Extract Attributes from Certificate" Assertion in accordance with organizational requirements.
Open the CA API GW - Policy manager and click the "Identity Providers" tab.
Verify a provider is listed and designated as the Identity Provider for non-organizational users in accordance with organizational requirements. Verify that non-organizational users are present within this provider.
Open the CA API GW - Policy Manager and double-click the Registered Services requiring Certificate mapping to User Accounts.
Verify that the "Require SSL/TLS with Client Certificate Authentication" Assertion is present, that "Extract Attributes from Certificate" is present, and that one of the "Authenticate Against..." Assertions is also present. In addition, verify that the logic necessary to provide access to the Registered Service's resources is properly enabled using the required Policy Logic after extracting the proper attributes from the certificate using the "Extract Attributes from Certificate" Assertion.
If these requirements have not been met within the policy, this is a finding.
V-71361
False
CAGW-GW-000360
Open the CA API GW - Policy manager and click the "Identity Providers" tab.
Verify a provider is listed and designated as the Identity Provider for non-organizational users in accordance with organizational requirements. Verify that non-organizational users are present within this provider.
Open the CA API GW - Policy Manager and double-click the Registered Services requiring Certificate mapping to User Accounts.
Verify that the "Require SSL/TLS with Client Certificate Authentication" Assertion is present, that "Extract Attributes from Certificate" is present, and that one of the "Authenticate Against..." Assertions is also present. In addition, verify that the logic necessary to provide access to the Registered Service's resources is properly enabled using the required Policy Logic after extracting the proper attributes from the certificate using the "Extract Attributes from Certificate" Assertion.
If these requirements have not been met within the policy, this is a finding.
M
3049